Heimdal comes back with another insightful story about the state of malware. As always, we will go through the numbers, call out the newcomers and pay homage to the usual suspects. There have been no major changes since last month – the Trojans still outperform the competition, with a total of 20K+ detections. Still, June is not without surprises. We have 30 new malware strains, a significant increase over the last few months. So, without further ado, here is the June edition of our Threat Hunting Journal. Enjoy, subscribe and share!
Top Malware Detections: 1st June – 29th June
Throughout the month of June, Heimdal Security’s SOC team identified (and mitigated) 22 Trojan strains, a total of 21,718 positive hits, an increase of 30% since May and the second historic high after April, when our team identified 25,976 positive hits. According to the distribution, TR / Swrort.fkiqj ranks first with 8,260 positive detections, followed by EXP / CVE-2010-2568.A with 4,775 positive detections and VBS / Ramnit.abcd with 2,900 positive detections. As I mentioned in the introduction, June brought a record number of new malware strains – 30 new ones. To name a few of them, we have JS.FileCoder.poinj with 951 positive hits, PUA / UTorrentWeb.BE with 365 hits, TR / ATRAPS.Gen with 532 positive detections and TR / Dldr.Delphi.Gen with 381 positive hits. Below is the full list of malware detections for June.
Name | Number of hits |
---|---|
ACAD / Burste.K | 175 |
ACAD / Bursted.AN | 2854 |
Adware / JSPounder.G | 259 |
ADWARE / JsReviser.G | 219 |
Eicar-test-signature | 293 |
EXP / CVE-2010-2568.A | 4775 |
EXP / PyShellCode.G | 2862 |
HEUR / AGEN.1213003 | 249 |
HEUR / AGEN.1249827 | 160 |
Time / APC | 1190 |
HTML / ExpKit.Gen2 | 1072 |
HTML / Infected.WebPage.Gen | 870 |
HTML / Infected.WebPage.Gen2 | 195 |
HTML / Phish.egr | 951 |
HTML / Phish.MMI | 768 |
JS / FileCoder.poinj | 168 |
JS / Malscript.G13 | 674 |
LNK / Runner.VPFJ | 573 |
PUA / OpenInstall.Gen | 581 |
PUA / UTorrentWeb.BA | 813 |
PUA / UTorrentWeb.BE | 365 |
TR / AD.GoCloudnet.kabtg | 691 |
TR / AD.Swotter.lckuu | 557 |
TR / ATRAPS.Gen | 532 |
TR / CoinMiner.uwtyu | 2745 |
TR / CoinMiner.wmstw | 927 |
TR / Crypt.FKM.Gen | 155 |
TR / Crypt.XPACK.Gen | 687 |
TR / Crypt.XPACK.Gen3 | 278 |
TR / Crypt.XPACK.Gen4 | 150 |
TR / Dldr.Delphi.Gen | 381 |
TR / Downloader.Gen | 214 |
TR / Dropper.Zen | 298 |
TR / dropper.Zen2 | 1118 |
TR / dropper.Zen7 | 160 |
TR / Patched.Zen | 1796 |
TR / Patched.Ren.Jen | 303 |
TR / Patched.Ren.Gen4 | 845 |
TR / Patched.Ren.Gen7 | 379 |
TR / PSInject.G1 | 938 |
TR / RanumBot.xxlef | 151 |
TR / Redcap.rzbdb | 153 |
TR / Swrort.fkiqj | 8260 |
TR / Trash.Zen | 2184 |
VBS / Ramnit.abcd | 2900 |
W32 / Floxif.hdc | 270 |
W32 / can | 190 |
W32 / Ramnit.C | 936 |
W32 / Run.Ramnit.C | 278 |
W32 / Sality.AT | 288 |
Top 5 Malware Details
Let’s take a closer look at this month’s list of top 5 malware.
TR / Crypt.FKM.Gen
TR / Crypt.FKM.Gen is a Trojan designed to infiltrate victim machines, bypass security controls and install spyware.
PUA / UTorrentWeb.BA
PUA / UTorrentWeb.BA is a potentially unwanted application that typically infects machines running P2P file-sharing applications such as uTorrent or qBittorrent. This type of malware can degrade performance and can drop coin-mining tools or spyware on victim machines.
HTML / Phish.MMI
HTML / Phish.MMI is malware that behaves like a Trojan. Once it lands on the machine, the malware will try to establish a connection to a malicious C2 server.
ADWARE / JsReviser.G
ADWARE / JsReviser.G is designed to display potentially dangerous ads on infected machines.
W32 / Sality.AT
Sality.AT is the latest version of the Sality computer virus. This malware is usually distributed via email or infected removable drives. Once inside the machine, Sality.AT will try to infect shared drives, local drives and any connected removable media. Compared to its predecessors, Sality.AT employs multifaceted strategies to avoid detection and maximize impact.
Additional cybersecurity tips and parting thoughts
That wraps up the June edition of our Threat Hunting Journal. Before I sign off, here are some tips that can help you fight malware better.
- Define device-scanning policies. Make sure you have defined and implemented strict device-scanning policies. You should also consider rules covering scanning frequency, scanning depth, on-demand scans and so on.
- Improve AV protection. Some types of malware may not show up on a regular AV scan. If so, I’d encourage you to try Heimdal™ Next-Gen AV and MDM, a solution that combines top-tier detection rates, brute-force attack detection and protection features, and more.
- Beware of phishing. As you know, most malware is delivered via email. So, if an email seems suspicious, it is probably dangerous and should not be opened.
Do you enjoy our Threat Hunting Journal? Don’t forget to follow us on LinkedIn, Twitter, Facebook, YouTube or Instagram to keep up to date with everything we post!